<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 4.2.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">


<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">
  <link rel="stylesheet" href="//cdn.jsdelivr.net/gh/fancyapps/fancybox@3/dist/jquery.fancybox.min.css">

<script id="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"gwashitgton.gitee.io","root":"/","scheme":"Gemini","version":"7.8.0","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":true,"show_result":true,"style":"mac"},"back2top":{"enable":true,"sidebar":false,"scrollpercent":true},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":true,"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":"enable","trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},"path":"search.xml"};
  </script>

  <meta name="description" content="Windows 安全加固">
<meta property="og:type" content="article">
<meta property="og:title" content="Windows安全加固">
<meta property="og:url" content="https://gwashitgton.gitee.io/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/">
<meta property="og:site_name" content="Enterprise">
<meta property="og:description" content="Windows 安全加固">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508102827.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508105016.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508105447.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508105859.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508110545.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508135329.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508135742.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508135826.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508135957.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508172443.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508173029.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508173345.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508175546.png">
<meta property="og:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508204746.png">
<meta property="article:published_time" content="2020-05-08T13:06:48.000Z">
<meta property="article:modified_time" content="2020-05-08T13:18:10.008Z">
<meta property="article:author" content="Odin">
<meta property="article:tag" content="安全加固">
<meta property="article:tag" content="Windows">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508102827.png">

<link rel="canonical" href="https://gwashitgton.gitee.io/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome : false,
    isPost : true,
    lang   : 'zh-CN'
  };
</script>

  <title>Windows安全加固 | Enterprise</title>
  






  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

<link rel="alternate" href="/atom.xml" title="Enterprise" type="application/atom+xml">
</head>
<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container use-motion">
    <div class="headband"></div>

    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <span class="logo-line-before"><i></i></span>
      <h1 class="site-title">Enterprise</h1>
      <span class="logo-line-after"><i></i></span>
    </a>
      <p class="site-subtitle" itemprop="description">纸上得来终觉浅，绝知此事要躬行</p>
  </div>

</div>








</div>
    </header>

    


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content post posts-expand">
            

    
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="https://gwashitgton.gitee.io/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="https://gitee.com/GWashitgton/Picture/raw/master/image/20200422132544.JPG">
      <meta itemprop="name" content="Odin">
      <meta itemprop="description" content="">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Enterprise">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          Windows安全加固
        </h1>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-calendar"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>
              

              <time title="创建时间：2020-05-08 21:06:48 / 修改时间：21:18:10" itemprop="dateCreated datePublished" datetime="2020-05-08T21:06:48+08:00">2020-05-08</time>
            </span>
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-folder"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/Windows/" itemprop="url" rel="index"><span itemprop="name">Windows</span></a>
                </span>
            </span>

          
  
  <span class="post-meta-item">
    
      <span class="post-meta-item-icon">
        <i class="far fa-comment"></i>
      </span>
      <span class="post-meta-item-text">Valine：</span>
    
    <a title="valine" href="/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/#valine-comments" itemprop="discussionUrl">
      <span class="post-comments-count valine-comment-count" data-xid="/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/" itemprop="commentCount"></span>
    </a>
  </span>
  
  <br>
            <span class="post-meta-item" title="本文字数">
              <span class="post-meta-item-icon">
                <i class="far fa-file-word"></i>
              </span>
                <span class="post-meta-item-text">本文字数：</span>
              <span>5.1k</span>
            </span>
            <span class="post-meta-item" title="阅读时长">
              <span class="post-meta-item-icon">
                <i class="far fa-clock"></i>
              </span>
                <span class="post-meta-item-text">阅读时长 &asymp;</span>
              <span>5 分钟</span>
            </span>
            <div class="post-description">Windows 安全加固</div>

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <a id="more"></a>
<!-- markdownlint-disable MD041 MD002-->

<h2 id="Windows系统安全加固"><a href="#Windows系统安全加固" class="headerlink" title="Windows系统安全加固"></a>Windows系统安全加固</h2><hr>
<h3 id="1-系统安装"><a href="#1-系统安装" class="headerlink" title="1. 系统安装"></a>1. 系统安装</h3><p>系统镜像尽量下载纯净的原版镜像，可以从这两个网站下载 <a href="https://www.microsoft.com/zh-cn/software-download" target="_blank" rel="noopener">微软软件下载</a>、<a href="https://msdn.itellyou.cn/" target="_blank" rel="noopener">MSDN</a>，下载完毕后进行SHA1验证，并将计算结果与微软官方公布的校验值比对（从第三方站点下载时尤其需要；若官方同时提供SHA256，优先使用SHA256），避免镜像损坏或被修改。</p>
<h3 id="2-账户管理与认证授权"><a href="#2-账户管理与认证授权" class="headerlink" title="2. 账户管理与认证授权"></a>2. 账户管理与认证授权</h3><h4 id="2-1账户"><a href="#2-1账户" class="headerlink" title="2.1账户"></a>2.1账户</h4><h5 id="默认账户安全"><a href="#默认账户安全" class="headerlink" title="默认账户安全"></a>默认账户安全</h5><ul>
<li>禁用Guest账户</li>
<li>禁用或者删除其他无用账户</li>
</ul>
<p><strong>具体步骤：</strong>win+s&gt;输入 计算机管理 &gt;选择系统工具&gt; 本地用户和组&gt; 用户 双击Guest 或者其他无用账户，勾选账户已禁用即可。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508102827.png" alt="img"></p>
<h5 id="控制账户权限"><a href="#控制账户权限" class="headerlink" title="控制账户权限"></a>控制账户权限</h5><p>按照业务需求创建不同的用户和用户组。例如管理员用户、数据库用户、审计用户等。</p>
<p><strong>具体步骤：</strong>win+s&gt;输入 计算机管理 &gt;选择系统工具&gt; 本地用户和组&gt; 组 右击可以新建组，选中特定的组右击可以将用户添加到该组中。</p>
<h5 id="定期检查并删除无关账户"><a href="#定期检查并删除无关账户" class="headerlink" title="定期检查并删除无关账户"></a>定期检查并删除无关账户</h5><p>定期检查删除或者锁定无关账户。</p>
<p><strong>具体步骤：</strong>win+s&gt;输入 计算机管理 &gt;选择系统工具&gt; 本地用户和组 查看是否有无关账户</p>
<h5 id="查看是否有隐藏账户"><a href="#查看是否有隐藏账户" class="headerlink" title="查看是否有隐藏账户"></a>查看是否有隐藏账户</h5><p>为了安全起见，我们需要查看一下是否有隐藏账户，隐藏账户在计算机管理控制台不显示，使用<code>net user</code>命令也无法查看到，这时我们就需要通过注册表查看了。</p>
<p><strong>具体步骤：</strong>打开注册表编辑器，定位到<code>HKEY_LOCAL_MACHINE\SAM\SAM</code>这个位置，这时我们查看SAM键，发现是空的，这是由于权限不足引起的。右击该键选择“权限”，选中Administrators，并勾选允许“读取”权限。然后按F5刷新一下，这时会发现SAM下不再为空了。定位到<code>HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names</code>，展开Names，查看是否有无关账户。如果存在，则需要删除（删除前建议先导出备份该注册表项，并确认该账户确实不是业务所需）。首先选中要删除的账户，记录默认值，然后删除该键。然后将上方对应的00000xxx的键一并删除即可。检查完成后，建议将SAM键的权限恢复为修改前的状态。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508105016.png" alt="img"></p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508105447.png" alt="image-20200508135328661"></p>
<h5 id="取消显示最后登录的用户名"><a href="#取消显示最后登录的用户名" class="headerlink" title="取消显示最后登录的用户名"></a>取消显示最后登录的用户名</h5><p>配置登录登出后，不显示用户名称。</p>
<p><strong>具体步骤：</strong>win+s&gt;输入 本地安全策略  具体步骤如下图。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508105859.png" alt="image-20200508105838894"></p>
<h4 id="2-2口令"><a href="#2-2口令" class="headerlink" title="2.2口令"></a>2.2口令</h4><h5 id="密码复杂度"><a href="#密码复杂度" class="headerlink" title="密码复杂度"></a>密码复杂度</h5><p>密码复杂度要求必须满足以下策略：</p>
<ul>
<li><p>最短密码长度要求八个字符。</p>
</li>
<li><p>启用本机组策略中密码必须符合复杂性要求的策略。</p>
<p>即密码至少包含以下四种类别的字符中的两种（注：Windows 自带的“密码必须符合复杂性要求”策略在启用后，实际校验的是至少包含其中三类字符，以系统策略的实际校验为准）：</p>
<ul>
<li>英语大写字母 A, B, C, … Z</li>
<li>英语小写字母 a, b, c, … z</li>
<li>西方阿拉伯数字 0, 1, 2, … 9</li>
<li>非字母数字字符，如标点符号，@, #, $, %, &amp;, *等</li>
</ul>
</li>
</ul>
<p><strong>具体步骤：本地安全策略</strong> &gt; <strong>帐户策略</strong>&gt;<strong>密码策略</strong>&gt; 开启 <strong>密码必须符合复杂性要求</strong>，然后配置密码长度最小值，密码最长使用期限应不大于90天，也不宜过短，以免混淆密码。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508110545.png" alt="image-20200508110543938"></p>
<h5 id="账户锁定策略"><a href="#账户锁定策略" class="headerlink" title="账户锁定策略"></a>账户锁定策略</h5><p>为了防止暴力破解密码，应当配置账户锁定策略。当用户连续认证失败次数超过10次后，锁定该用户使用的帐户。锁定时间30分钟，30分钟后重置计数器。</p>
<p><strong>具体步骤：本地安全策略</strong>&gt;<strong>账户策略</strong>&gt;<strong>账户锁定策略</strong> 配置账户锁定阈值不大于10次。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508135329.png" alt="image-20200508135328661"></p>
<h4 id="2-3-授权"><a href="#2-3-授权" class="headerlink" title="2.3 授权"></a>2.3 授权</h4><h5 id="远程关机"><a href="#远程关机" class="headerlink" title="远程关机"></a>远程关机</h5><p>在本地安全设置中，从远端系统强制关机权限只分配给Administrators组。</p>
<p><strong>具体步骤：</strong>打开  <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>用户权限分配</strong> 中，配置 <strong>从远端系统强制关机</strong> 权限只分配给Administrators组。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508135742.png" alt="image-20200508135736065"></p>
<h5 id="本地关机"><a href="#本地关机" class="headerlink" title="本地关机"></a>本地关机</h5><p>在本地安全设置中关闭系统权限只分配给Administrators组。</p>
<p><strong>具体步骤：</strong>打开 <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>用户权限分配</strong> 中，配置 <strong>关闭系统</strong> 权限只分配给Administrators组。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508135826.png" alt="image-20200508135825514"></p>
<h5 id="用户权限指派"><a href="#用户权限指派" class="headerlink" title="用户权限指派"></a>用户权限指派</h5><p>在本地安全设置中，取得文件或其它对象的所有权权限只分配给Administrators组。</p>
<p><strong>具体步骤：</strong>打开 <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>用户权限分配</strong> 中，配置 <strong>取得文件或其它对象的所有权</strong> 权限只分配给Administrators组。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508135957.png" alt="image-20200508135956062"></p>
<h5 id="授权帐户登录"><a href="#授权帐户登录" class="headerlink" title="授权帐户登录"></a>授权帐户登录</h5><p>在本地安全设置中，配置指定授权用户允许本地登录此计算机。</p>
<p><strong>具体步骤：</strong>打开 <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>用户权限分配</strong> 中，配置 <strong>允许本地登录</strong> 权限给指定授权用户。</p>
<h5 id="授权帐户从网络访问"><a href="#授权帐户从网络访问" class="headerlink" title="授权帐户从网络访问"></a>授权帐户从网络访问</h5><p>在本地安全设置中，只允许授权帐号从网络访问（包括网络共享等，但不包括终端服务）此计算机。</p>
<p><strong>具体步骤：</strong>打开  <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>用户权限分配</strong> 中，配置 <strong>从网络访问此计算机</strong> 权限给指定授权用户。</p>
<h3 id="3-日志配置"><a href="#3-日志配置" class="headerlink" title="3. 日志配置"></a>3. 日志配置</h3><h4 id="3-1审核配置"><a href="#3-1审核配置" class="headerlink" title="3.1审核配置"></a>3.1审核配置</h4><h5 id="审核登录"><a href="#审核登录" class="headerlink" title="审核登录"></a>审核登录</h5><p>设备应配置日志功能，对用户登录进行记录。记录内容包括用户登录使用的帐户、登录是否成功、登录时间，以及远程登录时用户使用的IP地址。</p>
<p><strong>具体步骤：</strong> <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>审核策略</strong> 中，设置 <strong>审核登录事件</strong>，成功失败都要审核。</p>
<h5 id="审核策略"><a href="#审核策略" class="headerlink" title="审核策略"></a>审核策略</h5><p>启用本地安全策略中对Windows系统的审核策略更改，成功和失败操作都需要审核。</p>
<p><strong>具体步骤：</strong> <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>审核策略</strong> 中，设置 <strong>审核策略更改</strong>，成功失败都要审核。</p>
<h5 id="审核对象访问"><a href="#审核对象访问" class="headerlink" title="审核对象访问"></a>审核对象访问</h5><p>启用本地安全策略中对Windows系统的审核对象访问，成功和失败操作都需要审核。</p>
<p><strong>具体步骤：</strong> <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>审核策略</strong> 中，设置 <strong>审核对象访问</strong>。</p>
<h5 id="审核事件目录服务访问"><a href="#审核事件目录服务访问" class="headerlink" title="审核事件目录服务访问"></a>审核事件目录服务访问</h5><p>启用本地安全策略中对Windows系统的审核目录服务访问，仅需要审核失败操作。</p>
<p><strong>具体步骤：</strong>  <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>审核策略</strong> 中，设置 <strong>审核目录服务访问</strong>。</p>
<h5 id="审核特权使用"><a href="#审核特权使用" class="headerlink" title="审核特权使用"></a>审核特权使用</h5><p>启用本地安全策略中对Windows系统的审核特权使用，成功和失败操作都需要审核。</p>
<p><strong>具体步骤：</strong> <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>审核策略</strong> 中，设置 <strong>审核特权使用</strong>。</p>
<h5 id="审核系统事件"><a href="#审核系统事件" class="headerlink" title="审核系统事件"></a>审核系统事件</h5><p>启用本地安全策略中对Windows系统的审核系统事件，成功和失败操作都需要审核。</p>
<p><strong>具体步骤：</strong>  <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>审核策略</strong> 中，设置 <strong>审核系统事件</strong>。</p>
<h5 id="审核帐户管理"><a href="#审核帐户管理" class="headerlink" title="审核帐户管理"></a>审核帐户管理</h5><p>启用本地安全策略中对Windows系统的审核帐户管理，成功和失败操作都要审核。</p>
<p><strong>具体步骤：</strong> <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>审核策略</strong> 中，设置 <strong>审核帐户管理</strong>。</p>
<h5 id="审核过程追踪"><a href="#审核过程追踪" class="headerlink" title="审核过程追踪"></a>审核过程追踪</h5><p>启用本地安全策略中对Windows系统的审核进程追踪，仅失败操作需要审核。</p>
<p><strong>具体步骤：</strong>  <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>审核策略</strong> 中，设置 <strong>审核进程追踪</strong>。</p>
<h4 id="3-2-日志文件大小设置"><a href="#3-2-日志文件大小设置" class="headerlink" title="3.2 日志文件大小设置"></a>3.2 日志文件大小设置</h4><h5 id="设置日志文件大小"><a href="#设置日志文件大小" class="headerlink" title="设置日志文件大小"></a>设置日志文件大小</h5><p>设置应用日志文件大小至少为 8192 KB，可根据磁盘空间配置日志文件大小，记录的日志越多越好。并设置当达到最大的日志尺寸时，按需要轮询记录日志（即日志写满后覆盖最早的事件）。由于被覆盖的记录无法恢复，重要服务器建议同时将日志转发或定期归档到独立的存储位置。</p>
<p><strong>具体步骤：</strong> <strong>事件查看器</strong> 配置应用日志、系统日志、安全日志属性中的日志大小、以及达到最大日志大小时的相应的策略。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508172443.png" alt="image-20200508172442140"></p>
<p>关于Windows系统日志的相关信息 详情参考这篇 <strong><a href="https://gwashitgton.gitee.io/2020/04/24/Windows%E6%97%A5%E5%BF%97%E7%AE%80%E8%A6%81%E8%A7%A3%E6%9E%90/">文章</a></strong></p>
<h4 id="3-3-针对特定目录添加审核"><a href="#3-3-针对特定目录添加审核" class="headerlink" title="3.3 针对特定目录添加审核"></a>3.3 针对特定目录添加审核</h4><h5 id="针对特定目录添加审核"><a href="#针对特定目录添加审核" class="headerlink" title="针对特定目录添加审核"></a>针对特定目录添加审核</h5><p>有时我们需要针对特定目录，特定账户进行的操作进行审核。</p>
<p><strong>具体步骤：</strong> 打开文件夹属性，选择高级，点击审核，添加审核主体，审核主体即为用户或用户组。然后设置成功或者失败 亦或者两者都审核。设置权限，设置是否应用于子目录或者文件。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508173029.png" alt="image-20200508173027112"></p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508173345.png" alt="image-20200508173343940"></p>
<h3 id="4-IP协议安全配置"><a href="#4-IP协议安全配置" class="headerlink" title="4. IP协议安全配置"></a>4. IP协议安全配置</h3><h4 id="IP协议安全"><a href="#IP协议安全" class="headerlink" title="IP协议安全"></a>IP协议安全</h4><h5 id="启用SYN攻击保护"><a href="#启用SYN攻击保护" class="headerlink" title="启用SYN攻击保护"></a>启用SYN攻击保护</h5><p>启用SYN攻击保护。</p>
<ul>
<li>指定触发SYN洪水攻击保护所必须超过的TCP连接请求数阈值为5。</li>
<li>指定处于 SYN_RCVD 状态的 TCP 连接数的阈值为500。</li>
<li>指定处于至少已发送一次重传的 SYN_RCVD 状态中的 TCP 连接数的阈值为400。</li>
</ul>
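<p><strong>具体步骤：</strong>打开注册表编辑器，定位到相应的键值进行修改。这类TCP/IP参数通常位于 <code>Services\Tcpip\Parameters</code> 之下；较新版本Windows的TCP/IP协议栈已内置SYN攻击保护，修改前请对照微软官方文档，确认下列键值及其路径在目标系统版本上是否仍然生效。</p>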
<p><strong>Windows Server 2012</strong></p>
<p><code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect</code>推荐值 2</p>
<p><code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen</code> 推荐值 500</p>
<p><strong>Windows Server 2008</strong></p>
<p><code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SynAttackProtect</code> 推荐值 2</p>
<p><code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpMaxPortsExhausted</code> 推荐值 5</p>
<p><code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpMaxHalfOpen</code> 推荐值 500</p>
<p><code>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpMaxHalfOpenRetried</code> 推荐值 400</p>
<h3 id="5-文件权限"><a href="#5-文件权限" class="headerlink" title="5. 文件权限"></a>5. 文件权限</h3><h4 id="共享文件夹及访问权限"><a href="#共享文件夹及访问权限" class="headerlink" title="共享文件夹及访问权限"></a>共享文件夹及访问权限</h4><h5 id="关闭默认共享"><a href="#关闭默认共享" class="headerlink" title="关闭默认共享"></a>关闭默认共享</h5><p>在非域环境中，要关闭Windows硬盘默认共享。</p>
<p><strong>具体步骤：</strong> 打开注册表编辑器，根据推荐值设置。</p>
<p><code>HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer</code> 推荐值 0</p>
<p><em>Windows Server 2012版本中 已默认关闭Windows 硬盘共享，且没有此注册表键值</em></p>
<h5 id="共享文件夹授权访问"><a href="#共享文件夹授权访问" class="headerlink" title="共享文件夹授权访问"></a>共享文件夹授权访问</h5><p>每个共享文件夹的共享权限，只允许授权的帐户拥有共享此文件夹的权限。</p>
<p><strong>具体步骤：</strong> 每个共享文件夹的共享权限仅限于业务需要，不要设置成为 <strong>Everyone</strong>。打开 <strong>控制面板</strong> &gt; <strong>管理工具</strong> &gt; <strong>计算机管理</strong>，在 <strong>共享文件夹</strong> 中，查看每个共享文件夹的共享权限。</p>
<h3 id="6-服务安全"><a href="#6-服务安全" class="headerlink" title="6. 服务安全"></a>6. 服务安全</h3><h4 id="6-1-禁用NetBIOS"><a href="#6-1-禁用NetBIOS" class="headerlink" title="6.1 禁用NetBIOS"></a>6.1 禁用NetBIOS</h4><p>禁用TCP/IP上的NetBIOS协议，可以关闭监听的 UDP 137（netbios-ns）、UDP 138（netbios-dgm）以及 TCP 139（netbios-ssn）端口。</p>
<p><strong>具体步骤：</strong> 打开服务，禁用 <strong>TCP/IP NetBIOS Helper</strong> 服务。在网络连接属性中，双击Internet协议版本4，单击高级，在WINS页中，关闭LMHOSTS查找，禁用TCP/IP上的NetBIOS。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508175546.png" alt="image-20200508175544984"></p>
<h4 id="6-2-禁用不必要的服务"><a href="#6-2-禁用不必要的服务" class="headerlink" title="6.2 禁用不必要的服务"></a>6.2 禁用不必要的服务</h4><p>参考如下：</p>
<table>
<thead>
<tr>
<th>服务名</th>
<th>建议</th>
</tr>
</thead>
<tbody><tr>
<td>DHCP Client</td>
<td>如果不使用动态IP,则建议关闭</td>
</tr>
<tr>
<td>Background Intelligent Transfer Service</td>
<td>如果不启用自动更新，建议关闭</td>
</tr>
<tr>
<td>ComputerBrowser</td>
<td>建议关闭</td>
</tr>
<tr>
<td>Diagnostic Policy Service</td>
<td>建议手动</td>
</tr>
<tr>
<td>IP Helper</td>
<td>如果不用双栈建议关闭</td>
</tr>
<tr>
<td>PrintSpooler</td>
<td>如果不使用打印服务，建议关闭</td>
</tr>
<tr>
<td>Remote Registry</td>
<td>建议关闭</td>
</tr>
<tr>
<td>TCP/IP NetBIOS Helper</td>
<td>建议关闭</td>
</tr>
<tr>
<td>Windows Remote Management</td>
<td>建议关闭</td>
</tr>
<tr>
<td>Windows Font Cache Service</td>
<td>建议关闭</td>
</tr>
<tr>
<td>WinHTTP Web Proxy Auto-Discovery Service</td>
<td>建议关闭</td>
</tr>
</tbody></table>
<h3 id="7-安全选项"><a href="#7-安全选项" class="headerlink" title="7. 安全选项"></a>7. 安全选项</h3><h4 id="7-1-启用安全选项"><a href="#7-1-启用安全选项" class="headerlink" title="7.1 启用安全选项"></a>7.1 启用安全选项</h4><p><strong>具体步骤：</strong> <strong>本地安全策略</strong> &gt; <strong>安全选项</strong> 进行如下配置</p>
<table>
<thead>
<tr>
<th>安全选项</th>
<th>配置内容</th>
</tr>
</thead>
<tbody><tr>
<td>交互式登录：试图登录的用户的消息标题</td>
<td>警告标题</td>
</tr>
<tr>
<td>交互式登录：试图登录的用户的消息文本</td>
<td>警告内容</td>
</tr>
<tr>
<td>Microsoft网络服务器：对通信进行数字签名（如果客户端允许）</td>
<td>启用</td>
</tr>
<tr>
<td>Microsoft网络服务器：对通信进行数字签名（始终）</td>
<td>启用</td>
</tr>
<tr>
<td>Microsoft网络客户端：对通信进行数字签名（如果服务器允许）</td>
<td>启用</td>
</tr>
<tr>
<td>Microsoft网络客户端：对通信进行数字签名（始终）</td>
<td>启用</td>
</tr>
<tr>
<td>网络安全：基于 NTLM SSP的（包括安全RPC）服务器的最小会话安全</td>
<td>要求 NTLMv2会话安全<br/>要求128位加密</td>
</tr>
<tr>
<td>网络安全：基于 NTLM SSP的（包括安全RPC）客户端的最小会话安全</td>
<td>要求 NTLMv2会话安全<br/>要求128位加密</td>
</tr>
<tr>
<td>网络安全：LAN管理器身份验证级别</td>
<td>仅发送 NTLMv2 响应，拒绝 LM 和 NTLM</td>
</tr>
<tr>
<td>网络访问：不允许SAM帐户的匿名枚举</td>
<td>启用</td>
</tr>
<tr>
<td>网络访问：不允许SAM帐户和共享的匿名枚举</td>
<td>启用</td>
</tr>
<tr>
<td>网络访问：可匿名访问的共享</td>
<td>空</td>
</tr>
<tr>
<td>网络访问：可匿名访问的命名管道</td>
<td>空</td>
</tr>
<tr>
<td>网络访问：可远程访问的注册表路径</td>
<td>空，不允许远程访问注册表</td>
</tr>
<tr>
<td>网络访问：可远程访问的注册表路径和子路径</td>
<td>空，不允许远程访问注册表</td>
</tr>
</tbody></table>
<h4 id="7-2-禁止未登录关机"><a href="#7-2-禁止未登录关机" class="headerlink" title="7.2 禁止未登录关机"></a>7.2 禁止未登录关机</h4><p>服务器默认是禁止在未登录系统前关机的。如果启用此设置，服务器安全性将会大大降低，给远程连接的黑客造成可乘之机，强烈建议禁用未登录前关机功能。</p>
<p><strong>具体步骤：</strong> <strong>本地安全策略</strong> &gt; <strong>安全选项</strong> 禁用 <strong>关机: 允许系统在未登录前关机</strong> 策略。</p>
<p><img src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200508204746.png" alt="image-20200508204745026"></p>
<h3 id="8-其他安全配置"><a href="#8-其他安全配置" class="headerlink" title="8. 其他安全配置"></a>8. 其他安全配置</h3><h4 id="8-1-防病毒管理"><a href="#8-1-防病毒管理" class="headerlink" title="8.1 防病毒管理"></a>8.1 防病毒管理</h4><p>安装企业级防病毒软件。</p>
<h4 id="8-2-限制远程登录空闲断开时间"><a href="#8-2-限制远程登录空闲断开时间" class="headerlink" title="8.2 限制远程登录空闲断开时间"></a>8.2 限制远程登录空闲断开时间</h4><p>对于远程登录的帐户，设置不活动超过时间15分钟自动断开连接。</p>
<p><strong>具体步骤：</strong>打开 <strong>本地安全策略</strong>，在 <strong>本地策略</strong> &gt; <strong>安全选项</strong> 中，设置 <strong>Microsoft网络服务器：暂停会话前所需的空闲时间数量</strong> 属性为15分钟。需要注意，该选项控制的是SMB（文件共享）会话的空闲时间；远程桌面会话的空闲断开时间需要另行在组策略的远程桌面服务“会话时间限制”中配置。</p>
<p><strong>到此，Windows 安全加固就结束了，要保证安全，光这些还是远远不够的。除此之外，还需要管理员要严格遵守安全规则。</strong></p>

    </div>

    
    
    
      
       
        
<div class="my_post_copyright">
  <p><span>本文标题:</span><a href="/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/">Windows安全加固</a></p>
  <p><span>文章作者:</span><a href="/" title="访问 Odin 的个人博客">Odin</a></p>
  <p><span>发布时间:</span>2020年05月08日 - 21:05</p>
  <p><span>最后更新:</span>2020年05月08日 - 21:05</p>
  <p><span>原始链接:</span><a href="/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/" title="Windows安全加固">https://gwashitgton.gitee.io/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/</a>
    <span class="copy-path"  title="点击复制文章链接"><i class="fa fa-clipboard" data-clipboard-text="https://gwashitgton.gitee.io/2020/05/08/Windows%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/"  aria-label="复制成功！"></i></span>
  </p>
  <p><span>许可协议:</span><i class="fa fa-creative-commons"></i> <a rel="license" href="https://creativecommons.org/licenses/by-nc-nd/4.0/" target="_blank" title="Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)">署名-非商业性使用-禁止演绎 4.0 国际</a> 转载请保留原文链接及作者。</p>  
</div>

      

        



      <footer class="post-footer">
          <div class="post-tags">
              <a href="/tags/%E5%AE%89%E5%85%A8%E5%8A%A0%E5%9B%BA/" rel="tag"><i class="fa fa-tag"></i> 安全加固</a>
              <a href="/tags/Windows/" rel="tag"><i class="fa fa-tag"></i> Windows</a>
          </div>

        


        
      </footer>
    
  </article>
  
  
  



          </div>
          

        </div>
          
  

  <aside class="sidebar">
    <div class="sidebar-inner">

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
          <div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#Windows系统安全加固"><span class="nav-number">1.</span> <span class="nav-text">Windows系统安全加固</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#1-系统安装"><span class="nav-number">1.1.</span> <span class="nav-text">1. 系统安装</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#2-账户管理与认证授权"><span class="nav-number">1.2.</span> <span class="nav-text">2. 账户管理与认证授权</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#2-1账户"><span class="nav-number">1.2.1.</span> <span class="nav-text">2.1账户</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#默认账户安全"><span class="nav-number">1.2.1.1.</span> <span class="nav-text">默认账户安全</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#控制账户权限"><span class="nav-number">1.2.1.2.</span> <span class="nav-text">控制账户权限</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#定期检查并删除无关账户"><span class="nav-number">1.2.1.3.</span> <span class="nav-text">定期检查并删除无关账户</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#查看是否有隐藏账户"><span class="nav-number">1.2.1.4.</span> <span class="nav-text">查看是否有隐藏账户</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#取消显示最后登录的用户名"><span class="nav-number">1.2.1.5.</span> <span class="nav-text">取消显示最后登录的用户名</span></a></li></ol></li><li class="nav-item nav-level-4"><a class="nav-link" href="#2-2口令"><span class="nav-number">1.2.2.</span> <span class="nav-text">2.2口令</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#密码复杂度"><span class="nav-number">1.2.2.1.</span> <span class="nav-text">密码复杂度</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#账户锁定策略"><span class="nav-number">1.2.2.2.</span> <span 
class="nav-text">账户锁定策略</span></a></li></ol></li><li class="nav-item nav-level-4"><a class="nav-link" href="#2-3-授权"><span class="nav-number">1.2.3.</span> <span class="nav-text">2.3 授权</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#远程关机"><span class="nav-number">1.2.3.1.</span> <span class="nav-text">远程关机</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#本地关机"><span class="nav-number">1.2.3.2.</span> <span class="nav-text">本地关机</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#用户权限指派"><span class="nav-number">1.2.3.3.</span> <span class="nav-text">用户权限指派</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#授权帐户登录"><span class="nav-number">1.2.3.4.</span> <span class="nav-text">授权帐户登录</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#授权帐户从网络访问"><span class="nav-number">1.2.3.5.</span> <span class="nav-text">授权帐户从网络访问</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#3-日志配置"><span class="nav-number">1.3.</span> <span class="nav-text">3. 
日志配置</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#3-1审核配置"><span class="nav-number">1.3.1.</span> <span class="nav-text">3.1审核配置</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#审核登录"><span class="nav-number">1.3.1.1.</span> <span class="nav-text">审核登录</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#审核策略"><span class="nav-number">1.3.1.2.</span> <span class="nav-text">审核策略</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#审核对象访问"><span class="nav-number">1.3.1.3.</span> <span class="nav-text">审核对象访问</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#审核事件目录服务访问"><span class="nav-number">1.3.1.4.</span> <span class="nav-text">审核事件目录服务访问</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#审核特权使用"><span class="nav-number">1.3.1.5.</span> <span class="nav-text">审核特权使用</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#审核系统事件"><span class="nav-number">1.3.1.6.</span> <span class="nav-text">审核系统事件</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#审核帐户管理"><span class="nav-number">1.3.1.7.</span> <span class="nav-text">审核帐户管理</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#审核过程追踪"><span class="nav-number">1.3.1.8.</span> <span class="nav-text">审核过程追踪</span></a></li></ol></li><li class="nav-item nav-level-4"><a class="nav-link" href="#3-2-日志文件大小设置"><span class="nav-number">1.3.2.</span> <span class="nav-text">3.2 日志文件大小设置</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#设置日志文件大小"><span class="nav-number">1.3.2.1.</span> <span class="nav-text">设置日志文件大小</span></a></li></ol></li><li class="nav-item nav-level-4"><a class="nav-link" href="#3-3-针对特定目录添加审核"><span class="nav-number">1.3.3.</span> <span class="nav-text">3.3 针对特定目录添加审核</span></a><ol class="nav-child"><li 
class="nav-item nav-level-5"><a class="nav-link" href="#针对特定目录添加审核"><span class="nav-number">1.3.3.1.</span> <span class="nav-text">针对特定目录添加审核</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#4-IP协议安全配置"><span class="nav-number">1.4.</span> <span class="nav-text">4. IP协议安全配置</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#IP协议安全"><span class="nav-number">1.4.1.</span> <span class="nav-text">IP协议安全</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#启用SYN攻击保护"><span class="nav-number">1.4.1.1.</span> <span class="nav-text">启用SYN攻击保护</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#5-文件权限"><span class="nav-number">1.5.</span> <span class="nav-text">5. 文件权限</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#共享文件夹及访问权限"><span class="nav-number">1.5.1.</span> <span class="nav-text">共享文件夹及访问权限</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#关闭默认共享"><span class="nav-number">1.5.1.1.</span> <span class="nav-text">关闭默认共享</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#共享文件夹授权访问"><span class="nav-number">1.5.1.2.</span> <span class="nav-text">共享文件夹授权访问</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#6-服务安全"><span class="nav-number">1.6.</span> <span class="nav-text">6. 
服务安全</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#6-1-禁用NetBIOS"><span class="nav-number">1.6.1.</span> <span class="nav-text">6.1 禁用NetBIOS</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#6-2-禁用不必要的服务"><span class="nav-number">1.6.2.</span> <span class="nav-text">6.2 禁用不必要的服务</span></a></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#7-安全选项"><span class="nav-number">1.7.</span> <span class="nav-text">7. 安全选项</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#7-1-启用安全选项"><span class="nav-number">1.7.1.</span> <span class="nav-text">7.1 启用安全选项</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#7-2-禁止未登录关机"><span class="nav-number">1.7.2.</span> <span class="nav-text">7.2 禁止未登录关机</span></a></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#8-其他安全配置"><span class="nav-number">1.8.</span> <span class="nav-text">8. 其他安全配置</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#8-1-防病毒管理"><span class="nav-number">1.9.</span> <span class="nav-text">8.1 防病毒管理</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#8-2-限制远程登录空闲断开时间"><span class="nav-number">1.9.1.</span> <span class="nav-text">8.2 限制远程登录空闲断开时间</span></a></li></ol></li></ol></li></ol></div>
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <img class="site-author-image" itemprop="image" alt="Odin"
      src="https://gitee.com/GWashitgton/Picture/raw/master/image/20200422132544.JPG">
  <p class="site-author-name" itemprop="name">Odin</p>
  <div class="site-description" itemprop="description"></div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
          <a href="/archives/">
        
          <span class="site-state-item-count">20</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
      <div class="site-state-item site-state-categories">
            <a href="/categories/">
          
        <span class="site-state-item-count">6</span>
        <span class="site-state-item-name">分类</span></a>
      </div>
      <div class="site-state-item site-state-tags">
            <a href="/tags/">
          
        <span class="site-state-item-count">11</span>
        <span class="site-state-item-name">标签</span></a>
      </div>
  </nav>
</div>
  <div class="links-of-author motion-element">
      <span class="links-of-author-item">
        <a href="https://github.com/Grergo" title="GitHub → https:&#x2F;&#x2F;github.com&#x2F;Grergo" rel="noopener" target="_blank"><i class="fab fa-github fa-fw"></i>GitHub</a>
      </span>
      <span class="links-of-author-item">
        <a href="mailto:weikangwang730@gmail.com" title="E-Mail → mailto:weikangwang730@gmail.com" rel="noopener" target="_blank"><i class="fa fa-envelope fa-fw"></i>E-Mail</a>
      </span>
  </div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer class="footer">
      <div class="footer-inner">
        

        

<div class="copyright">
  
  &copy; 
  <span itemprop="copyrightYear">2021</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">Odin</span>
    <span class="post-meta-divider">|</span>
    <span class="post-meta-item-icon">
      <i class="fa fa-chart-area"></i>
    </span>
      <span class="post-meta-item-text">站点总字数：</span>
    <span title="站点总字数">59k</span>
    <span class="post-meta-divider">|</span>
    <span class="post-meta-item-icon">
      <i class="fa fa-coffee"></i>
    </span>
      <span class="post-meta-item-text">站点阅读时长 &asymp;</span>
    <span title="站点阅读时长">54 分钟</span>
</div>

        








      </div>
    </footer>
  </div>

  
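  <script size="300" alpha="0.6" zIndex="-1" src="/lib/canvas-ribbon/canvas-ribbon.js"></script>
  <script src="/lib/anime.min.js"></script>
  <!--
    The two CDN scripts below run with full access to this page, including the comment form.
    They are requested over explicit https instead of a protocol-relative URL, so a page served over http cannot pull them in clear text.
    "@3" is a floating version range: the bytes served can change without this file changing, so Subresource Integrity cannot be applied yet.
    To enable it, pin an exact release and add the hash of that file, for example:
      src="https://cdn.jsdelivr.net/npm/jquery@<EXACT_VERSION>/dist/jquery.min.js" integrity="sha384-<HASH_OF_THAT_FILE>" crossorigin="anonymous"
  -->
  <script src="https://cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js"></script>
  <script src="https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3/dist/jquery.fancybox.min.js"></script>
  <script src="/lib/velocity/velocity.min.js"></script>
  <script src="/lib/velocity/velocity.ui.min.js"></script>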

<script src="/js/utils.js"></script>

<script src="/js/motion.js"></script>


<script src="/js/schemes/pisces.js"></script>


<script src="/js/next-boot.js"></script>




  




  
<script src="/js/local-search.js"></script>









<script>
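// Replaces every .pdfobject-container with an inline PDF viewer: a native
// <embed> when the browser can render PDFs, otherwise the bundled viewer in an
// <iframe>. The viewer node is built with DOM APIs rather than an HTML string,
// so data-target / data-height are only ever attribute or style values and
// cannot inject extra markup or attributes into the page.
document.querySelectorAll('.pdfobject-container').forEach(element => {
  const url = element.dataset.target;
  const height = element.dataset.height;
  const pdfOpenParams = {
    navpanes : 0,
    toolbar  : 0,
    statusbar: 0,
    pagemode : 'thumbs',
    view     : 'FitH'
  };
  // PDF open parameters travel in the URL fragment.
  const pdfOpenFragment = '#' + Object.entries(pdfOpenParams).map(([key, value]) => `${key}=${encodeURIComponent(value)}`).join('&');
  const fullURL = `/lib/pdf/web/viewer?file=${encodeURIComponent(url)}${pdfOpenFragment}`;

  // NOTE(review): the scheme and origin of data-target are not checked here.
  // That is acceptable while only the site author writes posts; restrict it to
  // http(s) or same-origin if post content can ever come from someone else.
  let viewer;
  if (NexT.utils.supportsPDFs()) {
    viewer = document.createElement('embed');
    viewer.className = 'pdfobject';
    viewer.setAttribute('src', url + pdfOpenFragment);
    viewer.setAttribute('type', 'application/pdf');
  } else {
    viewer = document.createElement('iframe');
    viewer.setAttribute('src', fullURL);
    viewer.setAttribute('frameborder', '0');
  }
  // Assigning through the style object accepts a single height value only;
  // anything that is not a valid CSS height is ignored by the browser.
  viewer.style.height = height || '';

  // Same net effect as the former innerHTML assignment: drop the old children
  // and leave the viewer as the only child.
  element.textContent = '';
  element.appendChild(viewer);
});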
</script>




  

  

<script>
// Boots the Valine comment widget once the #valine-comments container is due
// to load.
NexT.utils.loadComments(document.querySelector('#valine-comments'), () => {
  // The library is pinned to an exact version on the CDN, but getScript is
  // given no integrity value, so the version string is the only control over
  // what is executed here.
  NexT.utils.getScript('https://cdn.jsdelivr.net/npm/valine@1.4.7/dist/Valine.min.js', () => {
    // Guest fields the form may ask for; anything outside the allow-list is dropped.
    const allowedFields = ['nick', 'mail', 'link'];
    const metaFields = 'nick,mail,link'.split(',').filter(field => allowedFields.includes(field));

    // appId / appKey are delivered to every visitor. Valine talks to its
    // LeanCloud backend straight from the browser, so these values are public
    // by construction: access control has to be enforced on the backend
    // (allowed web domains, class and ACL permissions), not by hiding them.
    const options = {
      el         : '#valine-comments',
      verify     : true,   // ask for a verification step before a comment is submitted
      notify     : false,
      appId      : '9avK28PbOuQyIMAUY8akDkwc-gzGzoHsz',
      appKey     : 'XKxrXsCfnD7W4M7AwOCslEvq',
      placeholder: "说点什么吧",
      avatar     : 'hide',
      meta       : metaFields,
      pageSize   : '10',
      visitor    : false,
      lang       : 'zh-cn',
      path       : location.pathname,
      recordIP   : false,  // commenter IP addresses are not stored
      serverURLs : ''
    };
    new Valine(options);
  }, window.Valine);
});
</script>

<script src="/live2dw/lib/L2Dwidget.min.js?094cbace49a39548bed64abff5988b05"></script><script>L2Dwidget.init({"pluginRootPath":"live2dw/","pluginJsPath":"lib/","pluginModelPath":"assets/","tagMode":false,"debug":false,"log":false,"model":{"jsonPath":"/live2dw/assets/z16.model.json"},"display":{"position":"left","width":200,"height":300},"mobile":{"show":false},"react":{"opacity":0.9}});</script></body>
</html>
